Hi
We have some target systems, mainly LDAP based and SAP, where an account shall only be provisioned if an entitlement is assigned to the identity.
This is how ist supposed to work:
User orders a business role or gets a business role dynamically assigned.
Business roles contain one or more a system roles.
System Roles contain one or more entitlements of a target system System X.
The idea would be
Create a separate Role classe "Account Assignments"
Create a business role "Account Definitions System X"
Assign the Account Definition for System X to the Business role.
Create dynamic Role for the Business role.
In the dynamic Role:
-> Evaluate all Identities with any entitlements for System X.
so all Identities with any entitlement would get an account.
Someone has an idea how to
-> Evaluate all Identities with any entitlements for System X.
Is this a good approach, or are there better methods?
Any help or comments are greatly appreciated.
Very kind regards,
Edi.
